HeroDevs
Visit Rails NES Home Page

Rails 6.1.x Release Notes

13 versions

Changelog and Release Notes for the NES version of Rails 6.1

Apr 23, 2026
Latest: 6.1.7.37
126 Patched Vulnerabilities
VEX Statements

April 2026

6.1.7.37

Released Apr 23, 2026
CVE-2026-41316
CVE-2022-44566

Security Fixes

Active Record
  • CVE-2022-44566 – Resolve incomplete denial-of-service (DoS) fix from earlier release.

6.1.7.36

Released Apr 14, 2026

Notes

  • No changes in Rails.
  • Bumped Rack version requirement to version 2.2.23.10.

March 2026

6.1.7.35

Released Mar 24, 2026
CVE-2026-33168
CVE-2026-33658
CVE-2026-33202
CVE-2026-33195
CVE-2026-33174
4 More

Security Fixes

Action View
Active Storage
  • CVE-2026-33658 - Fix possible DoS vulnerability in proxy mode via multi-range requests.
  • CVE-2026-33202 — Fix possible glob injection in DiskService.
  • CVE-2026-33195 — Fix possible path traversal in DiskService.
  • CVE-2026-33174 - Fix possible DoS vulnerability in proxy mode via Range requests.
  • CVE-2026-33173 — Fix insufficient filtering of metadata in direct uploads.
Active Support

6.1.7.34

Released Mar 4, 2026

Notes

  • No changes in Rails.
  • Bumped Rack version requirement to version 2.2.22.10.

October 2025

6.1.7.33

Released Oct 30, 2025

Notes

  • No changes in Rails.
  • Bumped Rack version requirement to version 2.2.20.11.

6.1.7.32

Released Oct 13, 2025

Notes

  • No changes in Rails.
  • Bumped Rack version requirement to version 2.2.20.10.

6.1.7.31

Released Oct 10, 2025

Notes

  • No changes in Rails.
  • Bumped Rack version requirement to version 2.2.19.10.

6.1.7.30

Released Oct 2, 2025

Notes

  • No changes in Rails.
  • Bumped Rack version requirement to version 2.2.18.10.

August 2025

6.1.7.29

Released Aug 20, 2025
CVE-2025-55193
CVE-2025-24293

Security Fixes

Active Record
Active Storage

June 2025

6.1.7.28

Released Jun 17, 2025

Notes

  • No changes in Rails.
  • Bumped Rack version requirement to version 2.2.17.10.

May 2025

6.1.7.27

Released May 14, 2025

Notes

  • No changes in Rails.
  • Bumped Rack version requirement to version 2.2.14.10.

March 2025

6.1.7.26

Released Mar 17, 2025

Notes

  • Bumped Rack version requirement to version 2.2.13.10.
  • Removed the railslts-version gem.

February 2025

6.1.7.21

Released Feb 10, 2025
CVE-2024-47889
CVE-2024-54133
CVE-2024-47887
CVE-2024-41128
CVE-2024-47888

Notes

  • This is the initial release of Never-Ending Support (NES) for Rails v6.1.x.

Security Fixes

Action Mailer
Action Pack
  • CVE-2024-54133 – Fixed a possible Content Security Policy bypass in Action Dispatch.
  • CVE-2024-47887 – Fixed a possible ReDoS vulnerability in HTTP Token authentication in Action Controller.
  • CVE-2024-41128 – Fixed a possible ReDoS vulnerability in query parameter filtering in Action Dispatch.
Action Text
  • CVE-2024-47888 – Fixed a possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text.

Stay in the loop

~/herodevs-spring-framework-support

Open Source Support

When official support ends, we're just getting started.